“Now a good chunk of your critical assets are behind the firewall, but all your employees are not.” That’s what NetMotion CEO Christopher Kenessey said recently. He was summarising the problem we’re all facing: All of a sudden, the working world has changed.
Most organizations fail to measure their human cyber risk. Some measure security training uptake. Some go a little further and measure suspicious link-clicks or report-rates. But very few can answer key security questions such as “How has our human cyber risk changed over time?” and “Which security interventions reduce most risk?”
To make a difference as a security professional today, you need board support. You need resources. You need directors to trust and back you. You need organisational leaders to promote security.
Get your people interested in cyber security and you become more resilient. Here’s how to go about it, starting with the potential end of the world.
The CybSafe Culture Assessment Tool (C-CAT) Whitepaper demonstrates an intelligent and scientific approach to people-centric cyber security culture.
Is it time to reconsider traditional approaches to cyber security? For a long time now, people have largely been viewed as a cyber security “weakness”, and the viewpoint has shaped the majority of the cyber security strategies we see today.
To understand why it might be impossible to reduce human cyber risk without a secure culture, it’s worth considering a series of experiments from the world of behavioural science.The experiments weren’t designed to uncover security insights. Rather, they were designed to demonstrate quirks in human behaviour. Specifically, they were designed to reveal why people sometimes “cheat”.
Our attitudes to loss make us vulnerable online. Here’s how we can nullify the risks – starting with a question. Which of these two generous offers would you rather take up? The first is £1000 in cash with no strings attached. The second is the chance to win £2000 – but only if a coin toss lands on heads.
How can cyber security professionals use psychology to help people prioritise cyber security in the workplace?